[Secure-testing-team] Bug#637477: possibly allows shell injection
Ansgar Burchardt
ansgar at debian.org
Thu Aug 11 21:36:42 UTC 2011
Package: src:dtc
Version: 0.29.17-1
Severity: critical
Tags: security
Hi,
shared/inc/sql/lists.php includes code like
    if ($_REQUEST[$tunable_name]!=""){
        //i write in the file
        $write_line = "echo ".$_REQUEST[$tunable_name]." > ".$option_file;
        exec($write_line);
    }else{ //i remove the file
and does not seem to check the contents of $_REQUEST for sanity as far as I can
see.
(I did not try actually using it as I do not have dtc set up.)
Regards,
Ansgar
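
Added example, not part of the original report and not dtc's own code: one way to store the option without passing request data to a shell, by validating the value and writing the file directly. The function name write_tunable() and the allowed-character policy are assumptions; the report does not say which values dtc's list tunables may legitimately take.

```php
<?php
// Added illustration. write_tunable() and the allowlist below are
// hypothetical, chosen for the example; they are not taken from dtc.

/**
 * Store or clear one list option without invoking a shell.
 * Returns true on success, false if the value is rejected or the write fails.
 */
function write_tunable(string $option_file, $value): bool
{
    // Entries in $_REQUEST can be arrays (name[]=...); accept strings only.
    if (!is_string($value)) {
        return false;
    }
    if ($value === '') {
        // Same meaning as the original else-branch: empty value removes the file.
        return !file_exists($option_file) || unlink($option_file);
    }
    // Assumed policy: short values built from a conservative character set.
    // \A and \z anchor the whole string, so a trailing newline is rejected too.
    if (preg_match('/\A[A-Za-z0-9_.@:+-]{1,255}\z/', $value) !== 1) {
        return false;
    }
    // "echo value > file" wrote the value plus a newline; keep that format,
    // but write it from PHP so no command line is ever built.
    return file_put_contents($option_file, $value . "\n", LOCK_EX) !== false;
}

// Constructed demo: a temporary file stands in for a real option file path.
$option_file = tempnam(sys_get_temp_dir(), 'tunable_');

// A plain value is accepted and written.
var_dump(write_tunable($option_file, 'digest'));
var_dump(file_get_contents($option_file));

// A constructed value containing shell metacharacters fails validation,
// and the file content is left as it was.
var_dump(write_tunable($option_file, 'x; echo y'));
var_dump(file_get_contents($option_file));

// An empty value removes the option file.
var_dump(write_tunable($option_file, ''));
var_dump(file_exists($option_file));
```

Where a shell command genuinely cannot be avoided, PHP's escapeshellarg() quotes a single argument; writing the file directly, as above, takes the shell out of the path entirely.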